Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
CSRF
Metasploit
NVD
CVSS 3.0
3.5
EPSS
0.2%